WordPress Userback Plugin <= 1.0.13 is vulnerable to Cross Site Request Forgery (CSRF)

Software Userback Type Plugin Vulnerable versions = 1.0.13 Fixed in 1.0.14 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-46089 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID ca0e03655d57 Credits LEE SE HYOUNG...

WordPress Weaver Xtreme Theme Support Plugin < 6.3.1 is vulnerable to PHP Object Injection

Software Weaver Xtreme Theme Support Type Plugin Vulnerable versions 6.3.1 Fixed in 6.3.1 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2023-4971 Patch priority Low CVSS severity Low 6.6 Developer Claim ownership PSID 68d407ee3a34 Credits Do Xuan Trung Required privilege...

WordPress File Manager Pro Plugin < 1.8.1 is vulnerable to Remote Code Execution (RCE)

Software File Manager Pro Type Plugin Vulnerable versions 1.8.1 Fixed in 1.8.1 OWASP Top 10 A1: Injection Classification Remote Code Execution RCE CVE CVE-2023-4861 Patch priority Low CVSS severity Low 8.2 Developer Claim ownership PSID cd77a490f9de Credits Alex Sanford Required privilege...

WordPress File Uploader Plugin < 4.23.3 is vulnerable to Cross Site Scripting (XSS)

Software File Uploader Type Plugin Vulnerable versions 4.23.3 Fixed in 4.23.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4811 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 1623a29c06e5 Credits FAIYAZ AHMAD Required...

WordPress Themify Ultra Theme <= 7.3.5 is vulnerable to Privilege Escalation

Software Themify Ultra Type Theme Vulnerable versions = 7.3.5 Fixed in 7.3.6 OWASP Top 10 A2: Broken Authentication Classification Privilege Escalation CVE CVE-2023-46145 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 23dc050c5700 Credits Rafie Muhammad Patchstack...

WordPress NextGEN Gallery Plugin < 3.39 is vulnerable to PHP Object Injection

Software NextGEN Gallery Type Plugin Vulnerable versions 3.39 Fixed in 3.39 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2023-3154 Patch priority Low CVSS severity Low 6.6 Developer Claim ownership PSID 2db7a0c70c48 Credits Linwz from DEVCORE Required privilege...

WordPress The Awesome Feed – Custom Feed Plugin <= 2.2.5 is vulnerable to Cross Site Scripting (XSS)

Software The Awesome Feed – Custom Feed Type Plugin Vulnerable versions = 2.2.5 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-46077 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID bf6946983fa1 Credits Nguy...

WordPress Ashe Extra Plugin <= 1.2.9 is vulnerable to Broken Access Control

Software Ashe Extra Type Plugin Vulnerable versions = 1.2.9 Fixed in 1.2.92 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-46079 Patch priority Low CVSS severity Low 5.4 Developer WProyal PSID 9a7abfde0bc8 Credits Jonas Höbenreich Required privilege...

WordPress Lava Directory Manager Plugin <= 1.1.34 is vulnerable to Cross Site Scripting (XSS)

Software Lava Directory Manager Type Plugin Vulnerable versions = 1.1.34 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-46081 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID f0161d7b2655 Credits Emili...

WordPress DX Delete Attached Media Plugin <= 2.0.5.1 is vulnerable to Broken Access Control

Software DX Delete Attached Media Type Plugin Vulnerable versions = 2.0.5.1 Fixed in 2.0.6 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-46073 Patch priority Medium CVSS severity Medium 5.3 Developer Claim ownership PSID 86e92ca0a83a Credits Abdi Pranata...

WordPress ApplyOnline – Application Form Builder and Manager Plugin <= 2.5.3 is vulnerable to Broken Access Control

Software ApplyOnline – Application Form Builder and Manager Type Plugin Vulnerable versions = 2.5.3 Fixed in 2.5.4 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-46080 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID baadd6626a79...

WordPress Broken Link Checker | Finder Plugin <= 2.4.2 is vulnerable to Broken Access Control

Software Broken Link Checker | Finder Type Plugin Vulnerable versions = 2.4.2 Fixed in 2.5.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-46082 Patch priority Medium CVSS severity Medium 5.3 Developer Claim ownership PSID cfffdd260ad0 Credits Abdi Prana...

WordPress WooCommerce Ninja Forms Product Add-ons Plugin <= 1.7.0 is vulnerable to Arbitrary File Upload

Software WooCommerce Ninja Forms Product Add-ons Type Plugin Vulnerable versions = 1.7.0 Fixed in 1.7.1 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2023-5601 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 2bbb91735283 Credits Alexander Concha...

WordPress EG-Attachments Plugin <= 2.1.3 is vulnerable to Cross Site Scripting (XSS)

Software EG-Attachments Type Plugin Vulnerable versions = 2.1.3 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-46070 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 04006798b0e0 Credits Le Ngoc Anh Required...

WordPress Custom post types Plugin <= 5.0.2 is vulnerable to Cross Site Scripting (XSS)

Software Custom post types Type Plugin Vulnerable versions = 5.0.2 Fixed in 5.0.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-32116 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID de51dde21ff9 Credits Taihei Shimamine...

WordPress is vulnerable to Broken Access Control

Software WordPress Type WordPress Core Vulnerable versions 6.3.2 Fixed in 6.3.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-39999 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 145475520c6c Credits Rafie Muhammad Patchstack...

WordPress Accessibility Suite by Online ADA Plugin <= 4.12 is vulnerable to SQL Injection

Software Accessibility Suite by Online ADA Type Plugin Vulnerable versions = 4.12 Fixed in 4.13 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-45830 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID f21f42859c29 Credits minhtuanact Required privilege...

WordPress RumbleTalk Live Group Chat Plugin <= 6.2.5 is vulnerable to Broken Access Control

Software RumbleTalk Live Group Chat Type Plugin Vulnerable versions = 6.2.5 Fixed in 6.2.6 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-45828 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 142311804af3 Credits Mika Require...

WordPress ChatBot Plugin <= 4.8.9 is vulnerable to SQL Injection

Software ChatBot Type Plugin Vulnerable versions = 4.8.9 Fixed in 4.9.1 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-5204 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID d9d43b0258cf Credits Marco Wotschka Required privilege Unauthenticated...

WordPress Nexter Theme <= 2.0.3 is vulnerable to Broken Access Control

Software Nexter Type Theme Vulnerable versions = 2.0.3 Fixed in 2.0.4 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-45658 Patch priority High CVSS severity High 7.6 Developer Claim ownership PSID 6bbe3c1cdbc1 Credits Rafie Muhammad Patchstack Required...